Defense in depth — the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe

September 11, 2015 007admin Leave a comment

Posted by Stefan Kanthak on Sep 11

Hi @ll,

part 31 (see <http://seclists.org/fulldisclosure/2015/Mar/92>)
showed how to execute arbitrary (rogue) executables planted as
– %SystemRoot%System32Write.exe,
– %SystemRoot%System32WinHelp.exe,
– %SystemRoot%System32RegEdit.exe,
– %SystemRoot%System32Explorer.exe
etc. instead of
– %SystemRoot%Write.exe,
– %SystemRoot%WinHelp.exe,
– %SystemRoot%RegEdit.exe,
– %SystemRoot%Explorer.exe
etc., including the possibility to…

007 Software

Defense in depth — the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe

Leave a Reply Cancel reply

Software and Security Information